Vulnerabilities > CVE-2019-14816 - Heap-based Buffer Overflow vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Vulnerable Configurations

Part Description Count
OS
Linux
1709
OS
Redhat
35
OS
Debian
1
OS
Fedoraproject
2
OS
Netapp
15
OS
Canonical
4
OS
Opensuse
2
Application
Redhat
1
Application
Netapp
5
Hardware
Netapp
15

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4157-1.NASL
    descriptionWen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the 91x Wi-Fi driver in the Linux kernel did not properly handle error conditions on initialization, leading to a double-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15504) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) It was discovered that the IPv6 RDS implementation in the Linux kernel did not properly initialize fields in a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). Please note that the RDS protocol is blacklisted in Ubuntu by default. (CVE-2019-16714) It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. (CVE-2019-2181). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130003
    published2019-10-17
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130003
    titleUbuntu 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4157-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4157-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130003);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/19");
    
      script_cve_id("CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-15504", "CVE-2019-15505", "CVE-2019-15902", "CVE-2019-16714", "CVE-2019-2181");
      script_xref(name:"USN", value:"4157-1");
    
      script_name(english:"Ubuntu 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4157-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux
    kernel did not properly perform bounds checking, leading to a heap
    overflow. A local attacker could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2019-14814,
    CVE-2019-14815, CVE-2019-14816)
    
    Matt Delco discovered that the KVM hypervisor implementation in the
    Linux kernel did not properly perform bounds checking when handling
    coalesced MMIO write operations. A local attacker with write access to
    /dev/kvm could use this to cause a denial of service (system crash).
    (CVE-2019-14821)
    
    Hui Peng and Mathias Payer discovered that the 91x Wi-Fi driver in the
    Linux kernel did not properly handle error conditions on
    initialization, leading to a double-free vulnerability. A physically
    proximate attacker could use this to cause a denial of service (system
    crash). (CVE-2019-15504)
    
    It was discovered that the Technisat DVB-S/S2 USB device driver in the
    Linux kernel contained a buffer overread. A physically proximate
    attacker could use this to cause a denial of service (system crash) or
    possibly expose sensitive information. (CVE-2019-15505)
    
    Brad Spengler discovered that a Spectre mitigation was improperly
    implemented in the ptrace susbsystem of the Linux kernel. A local
    attacker could possibly use this to expose sensitive information.
    (CVE-2019-15902)
    
    It was discovered that the IPv6 RDS implementation in the Linux kernel
    did not properly initialize fields in a data structure returned to
    user space. A local attacker could use this to expose sensitive
    information (kernel memory). Please note that the RDS protocol is
    blacklisted in Ubuntu by default. (CVE-2019-16714)
    
    It was discovered that an integer overflow existed in the Binder
    implementation of the Linux kernel, leading to a buffer overflow. A
    local attacker could use this to escalate privileges. (CVE-2019-2181).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4157-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-15504", "CVE-2019-15505", "CVE-2019-15902", "CVE-2019-16714", "CVE-2019-2181");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4157-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1019-aws", pkgver:"5.0.0-1019.21")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1020-kvm", pkgver:"5.0.0-1020.21")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1020-raspi2", pkgver:"5.0.0-1020.20")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1021-gcp", pkgver:"5.0.0-1021.21")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1023-azure", pkgver:"5.0.0-1023.24")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1024-snapdragon", pkgver:"5.0.0-1024.25")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-32-generic", pkgver:"5.0.0-32.34")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-32-generic-lpae", pkgver:"5.0.0-32.34")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-32-lowlatency", pkgver:"5.0.0-32.34")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-aws", pkgver:"5.0.0.1019.20")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-azure", pkgver:"5.0.0.1023.22")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-gcp", pkgver:"5.0.0.1021.47")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-generic", pkgver:"5.0.0.32.33")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-generic-lpae", pkgver:"5.0.0.32.33")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-gke", pkgver:"5.0.0.1021.47")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-kvm", pkgver:"5.0.0.1020.20")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-lowlatency", pkgver:"5.0.0.32.33")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-raspi2", pkgver:"5.0.0.1020.17")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-snapdragon", pkgver:"5.0.0.1024.17")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"linux-image-virtual", pkgver:"5.0.0.32.33")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-4C91A2F76E.NASL
    descriptionThe 5.2.11 stable kernel update contains a number of important fixes across the tree. ---- The 5.2.10 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128481
    published2019-09-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128481
    titleFedora 30 : kernel / kernel-headers / kernel-tools (2019-4c91a2f76e)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-4c91a2f76e.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128481);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-15504", "CVE-2019-15505", "CVE-2019-15538");
      script_xref(name:"FEDORA", value:"2019-4c91a2f76e");
    
      script_name(english:"Fedora 30 : kernel / kernel-headers / kernel-tools (2019-4c91a2f76e)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 5.2.11 stable kernel update contains a number of important fixes
    across the tree.
    
    ----
    
    The 5.2.10 stable kernel update contains a number of important fixes
    across the tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-4c91a2f76e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected kernel, kernel-headers and / or kernel-tools
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-15504", "CVE-2019-15505", "CVE-2019-15538");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2019-4c91a2f76e");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"kernel-5.2.11-200.fc30")) flag++;
    if (rpm_check(release:"FC30", reference:"kernel-headers-5.2.11-200.fc30")) flag++;
    if (rpm_check(release:"FC30", reference:"kernel-tools-5.2.11-200.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-headers / kernel-tools");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0174.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * Kernel: speculative bounds check bypass store (CVE-2018-3693) * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846) * kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (CVE-2019-8912) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487) * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Kernel panic on job cleanup, related to SyS_getdents64 (BZ#1702057) * Kernel modules generated incorrectly when system is localized to non-English language (BZ#1705285) * RHEL-Alt-7.6 - Fixup tlbie vs store ordering issue on POWER9 (BZ#1756270)
    last seen2020-06-01
    modified2020-06-02
    plugin id133162
    published2020-01-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133162
    titleRHEL 7 : kernel-alt (RHSA-2020:0174)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0174. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133162);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/24");
    
      script_cve_id("CVE-2018-18559", "CVE-2018-3693", "CVE-2019-10126", "CVE-2019-11487", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-17133", "CVE-2019-18660", "CVE-2019-3846", "CVE-2019-8912");
      script_xref(name:"RHSA", value:"2020:0174");
    
      script_name(english:"RHEL 7 : kernel-alt (RHSA-2020:0174)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel-alt is now available for Red Hat Enterprise Linux
    7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel-alt packages provide the Linux kernel version 4.x.
    
    Security Fix(es) :
    
    * Kernel: speculative bounds check bypass store (CVE-2018-3693)
    
    * kernel: Use-after-free due to race condition in AF_PACKET
    implementation (CVE-2018-18559)
    
    * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in
    marvell/mwifiex/scan.c (CVE-2019-3846)
    
    * kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL
    value for a certain structure member, which leads to a use-after-free
    in sockfs_setattr (CVE-2019-8912)
    
    * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in
    drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
    
    * kernel: Count overflow in FUSE request leading to use-after-free
    issues. (CVE-2019-11487)
    
    * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell
    WiFi driver (CVE-2019-14816)
    
    * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in
    net/wireless/ wext-sme.c (CVE-2019-17133)
    
    * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell
    Wifi Driver leading to DoS (CVE-2019-14814)
    
    * kernel: heap-overflow in mwifiex_set_wmm_params() function of
    Marvell WiFi driver leading to DoS (CVE-2019-14815)
    
    * kernel: (powerpc) incomplete Spectre-RSB mitigation leads to
    information exposure (CVE-2019-18660)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Bug Fix(es) :
    
    * Kernel panic on job cleanup, related to SyS_getdents64 (BZ#1702057)
    
    * Kernel modules generated incorrectly when system is localized to
    non-English language (BZ#1705285)
    
    * RHEL-Alt-7.6 - Fixup tlbie vs store ordering issue on POWER9
    (BZ#1756270)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/solutions/3523601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-3693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-18559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-3846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-8912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-10126"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14814"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14815"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-14816"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-17133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-18660"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3846");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2018-18559", "CVE-2018-3693", "CVE-2019-10126", "CVE-2019-11487", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-17133", "CVE-2019-18660", "CVE-2019-3846", "CVE-2019-8912");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2020:0174");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0174";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", reference:"kernel-abi-whitelists-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-debuginfo-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-devel-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-devel-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", reference:"kernel-doc-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-headers-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-debuginfo-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-devel-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-debuginfo-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-4.14.0-115.17.1.el7a")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-debuginfo-4.14.0-115.17.1.el7a")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2020-0019.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - KVM: x86: Remove spurious semicolon (Joao Martins) [Orabug: 31413782] - genirq: Use rcu in kstat_irqs_usr (Eric Dumazet) - genirq: Make sparse_irq_lock protect what it should protect (Thomas Gleixner) [Orabug: 30953676] - genirq: Free irq_desc with rcu (Thomas Gleixner) [Orabug: 30953676] - qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2 (Arun Easi) [Orabug: 30372266] - qla2xxx: Fix device discovery when FCP2 device is lost. (Arun Easi) [Orabug: 30372266] - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 30776354] (CVE-2019-9503) - percpu-refcount: fix reference leak during percpu-atomic transition (Douglas Miller) [Orabug: 30867060] - blk-mq: Allow timeouts to run while queue is freezing (Gabriel Krisman Bertazi) [Orabug: 30867060] - fs/dcache.c: fix spin lockup issue on nlru->lock (Junxiao Bi) [Orabug: 30953290] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31234664] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246302] (CVE-2019-19056) - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl (Vladis Dronov) [Orabug: 31262557] (CVE-2017-7346) - i40e: Increment the driver version for FW API update (Jack Vogel) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: Update FW API version to 1.9 (Piotr Azarewicz) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: Changed maximum supported FW API version to 1.8 (Adam Ludkiewicz) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (Scott Peterson) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: fix reading LLDP configuration (Mariusz Stachura) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: Add capability flag for stopping FW LLDP (Krzysztof Galazka) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: refactor FW version checking (Mitch Williams) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: shutdown all IRQs and disable MSI-X when suspended (Jacob Keller) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: prevent service task from running while we
    last seen2020-06-10
    modified2020-06-04
    plugin id137128
    published2020-06-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137128
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0019)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200205_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) - kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) - kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) - kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133) - kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) Bug Fix(es) : - [Azure][7.8] Include patch
    last seen2020-03-18
    modified2020-02-07
    plugin id133538
    published2020-02-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133538
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20200205)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0375.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522) * kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322) * kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157) * kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057)
    last seen2020-06-01
    modified2020-06-02
    plugin id133484
    published2020-02-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133484
    titleRHEL 7 : kernel-rt (RHSA-2020:0375)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1266.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1266 advisory. - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135088
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135088
    titleRHEL 7 : kernel (RHSA-2020:1266)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2950-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel KVM hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130950
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130950
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2309.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.(CVE-2019-15213) - An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.(CVE-2019-15215) - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.(CVE-2019-15217) - An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212) - An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216) - An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.(CVE-2019-15090) - An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15923) - An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.(CVE-2019-15918) - An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15922) - An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926) - An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.(CVE-2019-15924) - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id131474
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131474
    titleEulerOS Virtualization for ARM 64 3.0.3.0 : kernel (EulerOS-SA-2019-2309)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2173.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14814: A heap overflow in mwifiex_set_uap_rates() function of Marvell was fixed. (bnc#1146512). - CVE-2019-14815: A heap overflow in mwifiex_set_wmm_params() function of Marvell Wifi Driver was fixed. (bnc#1146514). - CVE-2019-14816: A heap overflow in mwifiex_update_vs_ie() function of Marvell Wifi Driver was fixed. (bnc#1146516). - CVE-2019-14835: A vhost/vhost_net kernel buffer overflow could lead to guest to host kernel escape during live migration (bnc#1150112). - CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users
    last seen2020-04-01
    modified2019-09-25
    plugin id129339
    published2019-09-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129339
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-2173)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0375.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522) * kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322) * kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157) * kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057)
    last seen2020-02-10
    modified2020-02-02
    plugin id133508
    published2020-02-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133508
    titleCentOS 7 : kernel (CESA-2020:0375)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4162-1.NASL
    descriptionIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) It was discovered that the SMB networking file system implementation in the Linux kernel contained a buffer overread. An attacker could use this to expose sensitive information (kernel memory). (CVE-2019-15918). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130151
    published2019-10-22
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130151
    titleUbuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, (USN-4162-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4163-1.NASL
    descriptionIt was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18232) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130152
    published2019-10-22
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130152
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4163-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-0374.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][7.8] Include patch
    last seen2020-03-17
    modified2020-02-27
    plugin id134087
    published2020-02-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134087
    titleCentOS 7 : kernel (CESA-2020:0374)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2181.NASL
    descriptionThe openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163). - CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285). - CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591). - CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516 bnc#1146512 bnc#1146514) - CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel
    last seen2020-04-01
    modified2019-09-25
    plugin id129345
    published2019-09-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129345
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-2181)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1930.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10905 A race condition was discovered in the GFS2 file-system implementation, which could lead to a use-after-free. On a system using GFS2, a local attacker could use this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2018-20976 It was discovered that the XFS file-system implementation did not correctly handle some mount failure conditions, which could lead to a use-after-free. The security impact of this is unclear. CVE-2018-21008 It was discovered that the rsi wifi driver did not correctly handle some failure conditions, which could lead to a use-after- free. The security impact of this is unclear. CVE-2019-0136 It was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages. A nearby attacker could use this for denial of service (loss of wifi connectivity). CVE-2019-9506 Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered a weakness in the Bluetooth pairing protocols, dubbed the
    last seen2020-06-01
    modified2020-06-02
    plugin id129361
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129361
    titleDebian DLA-1930-1 : linux security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0374.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][7.8] Include patch
    last seen2020-06-01
    modified2020-06-02
    plugin id133483
    published2020-02-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133483
    titleRHEL 7 : kernel (RHSA-2020:0374)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2201.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in netetlink/genetlink.c.(CVE-2019-15921)An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.(CVE-2019-15927)An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.(CVE-2019-15807)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-11-08
    plugin id130663
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130663
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1353.NASL
    descriptionThe remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1353 advisory. - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135248
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135248
    titleRHEL 6 : kernel-rt (RHSA-2020:1353)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2738-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-14835: A buffer overflow flaw was found in the way Linux kernel
    last seen2020-04-01
    modified2019-10-23
    plugin id130163
    published2019-10-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130163
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2738-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0653.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * RHEL7.5 - kernel crashed at xfs_reclaim_inodes_count+0x70/0xa0 (BZ#1795578)
    last seen2020-03-18
    modified2020-03-06
    plugin id134259
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134259
    titleRHEL 7 : kernel (RHSA-2020:0653)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-5670.NASL
    descriptionDescription of changes: [4.1.12-124.39.1.el7uek] - qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2 (Arun Easi) [Orabug: 30372266] - qla2xxx: Fix device discovery when FCP2 device is lost. (Arun Easi) [Orabug: 30372266] - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 30776354] {CVE-2019-9503} - percpu-refcount: fix reference leak during percpu-atomic transition (Douglas Miller) [Orabug: 30867060] - blk-mq: Allow timeouts to run while queue is freezing (Gabriel Krisman Bertazi) [Orabug: 30867060] - fs/dcache.c: fix spin lockup issue on nlru->lock (Junxiao Bi) [Orabug: 30953290] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31234664] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246302] {CVE-2019-19056} - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() (Vladis Dronov) [Orabug: 31262557] {CVE-2017-7346} [4.1.12-124.38.5.el7uek] - i40e: Increment the driver version for FW API update (Jack Vogel) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Update FW API version to 1.9 (Piotr Azarewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Changed maximum supported FW API version to 1.8 (Adam Ludkiewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (Scott Peterson) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: fix reading LLDP configuration (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Add capability flag for stopping FW LLDP (Krzysztof Galazka) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: refactor FW version checking (Mitch Williams) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: shutdown all IRQs and disable MSI-X when suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: prevent service task from running while we
    last seen2020-05-12
    modified2020-05-07
    plugin id136388
    published2020-05-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136388
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5670)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2648-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 for Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540). CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel
    last seen2020-04-01
    modified2019-10-14
    plugin id129845
    published2019-10-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129845
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2648-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2106.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).(CVE-2019-15505)An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/blockbd.c does not check the nla_nest_start_noflag return value.(CVE-2019-16089)drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16233)In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.(CVE-2019-16714)driverset/wireless/rsi/rsi_ 91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).(CVE-2019-15504)There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14814)There is heap-based buffer overflow in marvell wifi chip driver in Linux kernel,allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14815)There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14816)driverset/wireless/ath/ath6kl/usb. c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.(CVE-2019-15098)driverset/wireless/ath/ath10 k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.(CVE-2019-15099) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-12
    plugin id130815
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130815
    titleEulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2106)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4157-2.NASL
    descriptionUSN-4157-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04 LTS. Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the 91x Wi-Fi driver in the Linux kernel did not properly handle error conditions on initialization, leading to a double-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15504) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) It was discovered that the IPv6 RDS implementation in the Linux kernel did not properly initialize fields in a data structure returned to user space. A local attacker could use this to expose sensitive information (kernel memory). Please note that the RDS protocol is blacklisted in Ubuntu by default. (CVE-2019-16714) It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. (CVE-2019-2181). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130147
    published2019-10-22
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130147
    titleUbuntu 18.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-gke-5.0 vulnerabilities (USN-4157-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0204.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Backport TCP follow-up for small buffers (BZ#1739184) * TCP performance regression after CVE-2019-11478 bug fix (BZ#1743170) * RHEL8.0 - bnx2x link down, caused by transmit timeouts during load test (Marvell/Cavium/QLogic) (L3:) (BZ#1743548) * block: blk-mq improvement (BZ#1780567) * RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781111) * blk-mq: overwirte performance drops on real MQ device (BZ#1782183) * RHEL8: creating vport takes lot of memory i.e 2GB per vport which leads to drain out system memory quickly. (BZ#1782705)
    last seen2020-06-01
    modified2020-06-02
    plugin id133221
    published2020-01-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133221
    titleRHEL 8 : kernel (RHSA-2020:0204)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2984-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id131120
    published2019-11-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131120
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0339.NASL
    descriptionFrom Red Hat Security Advisory 2020:0339 : An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][8.1] Include patch
    last seen2020-06-01
    modified2020-06-02
    plugin id133591
    published2020-02-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133591
    titleOracle Linux 8 : kernel (ELSA-2020-0339)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0661.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976) * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Enhancement(s) : * Selective backport: perf: Sync with upstream v4.16 (BZ#1782748)
    last seen2020-03-18
    modified2020-03-06
    plugin id134260
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134260
    titleRHEL 7 : kernel (RHSA-2020:0661)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2414-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new features were implemented : jsc#SLE-4875: [CML] New device IDs for CML jsc#SLE-7294: Add cpufreq driver for Raspberry Pi fate#321840: Reduce memory required to boot capture kernel while using fadump fate#326869: perf: pmu mem_load/store event support fate:327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times The following security bugs were fixed: CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users
    last seen2020-04-01
    modified2019-09-23
    plugin id129156
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129156
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2414-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1347.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1347 advisory. - kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) - kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135252
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135252
    titleRHEL 7 : kernel (RHSA-2020:1347)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-97380355AE.NASL
    descriptionThe 5.2.11 stable kernel update contains a number of important fixes across the tree. ---- The 5.2.10 stable kernel update contains a number of important fixes across the tree. ---- The 5.2.9 stable kernel update contains a number of important fixes across the tree. ---- The 5.2.8 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128485
    published2019-09-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128485
    titleFedora 29 : kernel / kernel-headers / kernel-tools (2019-97380355ae)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-5676.NASL
    descriptionDescription of changes: [4.14.35-1902.302.2.el7uek] - KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] {CVE-2013-1798} - KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE (John Allen) [Orabug: 31213449] - HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206359] {CVE-2019-19527} - HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206359] {CVE-2019-19527} - net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 31198851] - net/rds: Fix MR reference counting problem (Ka-Cheong Poon) [Orabug: 31130197] - net/rds: Replace struct rds_mr
    last seen2020-05-15
    modified2020-05-12
    plugin id136485
    published2020-05-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136485
    titleOracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5676)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0014_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in the Linux kernel
    last seen2020-04-30
    modified2020-04-21
    plugin id135762
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135762
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0014)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-0374.NASL
    descriptionFrom Red Hat Security Advisory 2020:0374 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][7.8] Include patch
    last seen2020-06-01
    modified2020-06-02
    plugin id133514
    published2020-02-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133514
    titleOracle Linux 7 : kernel (ELSA-2020-0374)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0010_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2019-14816) - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895) - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. (CVE-2019-14901) - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2020-03-08
    plugin id134320
    published2020-03-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134320
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0010)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2424-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following new features were implemented : jsc#SLE-4875: [CML] New device IDs for CML jsc#SLE-7294: Add cpufreq driver for Raspberry Pi fate#326869: perf: pmu mem_load/store event support fate#327380: KVM: Add hardware CPU Model - kernel part fate#327377: KVM: Support for configurable virtio-crypto fate#327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times fate#326472: Marvell Armada 7K/8K Ethernet (incl. 10G) kernel enablement fate#326416: Hi1620 (Vendor: Huawei): RDMA kernel enablement fate#326415: Hi1620 (Vendor: Huawei): HNS3 (100G) network kernel enablement The following security bugs were fixed: CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361). CVE-2019-15924: Fix a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure. (bsc#1149612). CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users
    last seen2020-04-01
    modified2019-09-23
    plugin id129157
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129157
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2424-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0339.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [Azure][8.1] Include patch
    last seen2020-06-01
    modified2020-06-02
    plugin id133480
    published2020-02-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133480
    titleRHEL 8 : kernel (RHSA-2020:0339)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0664.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856) * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/ wext-sme.c (CVE-2019-17133) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [PATCH] perf: Fix a race between ring_buffer_detach() and ring_buffer_wakeup() (BZ#1772826) * core: backports from upstream (BZ#1780031) * Race between tty_open() and flush_to_ldisc() using the tty_struct-> driver_data field. (BZ#1780160) * [Hyper-V][RHEL7.6]Hyper-V guest waiting indefinitely for RCU callback when removing a mem cgroup (BZ#1783176) Enhancement(s) : * Selective backport: perf: Sync with upstream v4.16 (BZ#1782752)
    last seen2020-03-18
    modified2020-03-06
    plugin id134262
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134262
    titleRHEL 7 : kernel (RHSA-2020:0664)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2949-1.NASL
    descriptionThe SUSE Linux Enterprise 12-SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Exception during Page Size Change, causing the CPU core to be non-functional. The Linux Kernel kvm hypervisor was adjusted to avoid page size changes in executable pages by splitting / merging huge pages into small pages as needed. More information can be found on https://www.suse.com/support/kb/doc/?id=7023735 CVE-2019-16995: Fix a memory leak in hsr_dev_finalize() if hsr_add_port failed to add a port, which may have caused denial of service (bsc#1152685). CVE-2019-11135: Aborting an asynchronous TSX operation on Intel CPUs with Transactional Memory support could be used to facilitate sidechannel information leaks out of microarchitectural buffers, similar to the previously described
    last seen2020-06-01
    modified2020-06-02
    plugin id130949
    published2019-11-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130949
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1197.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Security Fix(es):An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.(CVE-2019-15213)An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.(CVE-2019-15215)An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.(CVE-2019-15217)An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216)An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.(CVE-2019-15090)An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15923)An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.(CVE-2019-15918)An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15922)An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in driverset/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.(CVE-2019-15924)A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel
    last seen2020-04-09
    modified2020-03-13
    plugin id134486
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134486
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1197)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0328.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666) * kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814) * kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815) * kernel: incomplete fix for race condition between mmget_not_zero()/ get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898) * Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * kernel-rt: update RT source tree to the RHEL-8.1.z2 source tree (BZ# 1780326)
    last seen2020-06-01
    modified2020-06-02
    plugin id133477
    published2020-02-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133477
    titleRHEL 8 : kernel-rt (RHSA-2020:0328)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2353.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes(CVE-2017-11089)An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.(CVE-2017-13305)An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051)The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.(CVE-2018-12896)An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.(CVE-2018-17972)An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.(CVE-2018-18710 )An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers et/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.(CVE-2018-20511)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518 )Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-12-10
    plugin id131845
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131845
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-311-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 to fix security issues.
    last seen2020-03-17
    modified2019-11-08
    plugin id130751
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130751
    titleSlackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2412-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented : jsc#SLE-4875: [CML] New device IDs for CML jsc#SLE-7294: Add cpufreq driver for Raspberry Pi fate#322438: Integrate P9 XIVE support (on PowerVM only) fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only) fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only) fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump fate#326869: perf: pmu mem_load/store event support The following security bugs were fixed: CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163). CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285) CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591). CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed. (bsc#1150025 CVE-2019-9456). CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959). CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516) CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112). CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users
    last seen2020-04-01
    modified2019-09-23
    plugin id129154
    published2019-09-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129154
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2412-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2274.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.(CVE-2017-5754)The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.(CVE-2017-5897)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.(CVE-2017-7518)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.(CVE-2018-1066)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.(CVE-2018-13094)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant.(CVE-2018-7995)In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.(CVE-2018-9363)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518)A vulnerability was found in Linux kernel
    last seen2020-05-08
    modified2019-11-08
    plugin id130736
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130736
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2114.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-13093, CVE-2018-13094 Wen Xu from SSLab at Gatech reported several NULL pointer dereference flaws that may be triggered when mounting and operating a crafted XFS volume. An attacker able to mount arbitrary XFS volumes could use this to cause a denial of service (crash). CVE-2018-20976 It was discovered that the XFS file-system implementation did not correctly handle some mount failure conditions, which could lead to a use-after-free. The security impact of this is unclear. CVE-2018-21008 It was discovered that the rsi wifi driver did not correctly handle some failure conditions, which could lead to a use-after- free. The security impact of this is unclear. CVE-2019-0136 It was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages. A nearby attacker could use this for denial of service (loss of wifi connectivity). CVE-2019-2215 The syzkaller tool discovered a use-after-free vulnerability in the Android binder driver. A local user on a system with this driver enabled could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. However, this driver is not enabled on Debian packaged kernels. CVE-2019-10220 Various developers and researchers found that if a crafted file- system or malicious file server presented a directory with filenames including a
    last seen2020-03-17
    modified2020-03-06
    plugin id134240
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134240
    titleDebian DLA-2114-1 : linux-4.9 security update

Redhat

advisories
  • rhsa
    idRHSA-2020:0174
  • rhsa
    idRHSA-2020:0204
  • rhsa
    idRHSA-2020:0328
  • rhsa
    idRHSA-2020:0339
  • rhsa
    idRHSA-2020:0374
  • rhsa
    idRHSA-2020:0375
  • rhsa
    idRHSA-2020:0653
  • rhsa
    idRHSA-2020:0661
  • rhsa
    idRHSA-2020:0664
rpms
  • kernel-0:4.14.0-115.17.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.17.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.17.1.el7a
  • kernel-debug-0:4.14.0-115.17.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.17.1.el7a
  • kernel-debug-devel-0:4.14.0-115.17.1.el7a
  • kernel-debuginfo-0:4.14.0-115.17.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.17.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.17.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.17.1.el7a
  • kernel-devel-0:4.14.0-115.17.1.el7a
  • kernel-doc-0:4.14.0-115.17.1.el7a
  • kernel-headers-0:4.14.0-115.17.1.el7a
  • kernel-kdump-0:4.14.0-115.17.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.17.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.17.1.el7a
  • kernel-tools-0:4.14.0-115.17.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.17.1.el7a
  • kernel-tools-libs-0:4.14.0-115.17.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.17.1.el7a
  • perf-0:4.14.0-115.17.1.el7a
  • perf-debuginfo-0:4.14.0-115.17.1.el7a
  • python-perf-0:4.14.0-115.17.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.17.1.el7a
  • bpftool-0:4.18.0-80.15.1.el8_0
  • bpftool-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-0:4.18.0-80.15.1.el8_0
  • kernel-abi-whitelists-0:4.18.0-80.15.1.el8_0
  • kernel-core-0:4.18.0-80.15.1.el8_0
  • kernel-cross-headers-0:4.18.0-80.15.1.el8_0
  • kernel-debug-0:4.18.0-80.15.1.el8_0
  • kernel-debug-core-0:4.18.0-80.15.1.el8_0
  • kernel-debug-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-debug-devel-0:4.18.0-80.15.1.el8_0
  • kernel-debug-modules-0:4.18.0-80.15.1.el8_0
  • kernel-debug-modules-extra-0:4.18.0-80.15.1.el8_0
  • kernel-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-debuginfo-common-aarch64-0:4.18.0-80.15.1.el8_0
  • kernel-debuginfo-common-ppc64le-0:4.18.0-80.15.1.el8_0
  • kernel-debuginfo-common-s390x-0:4.18.0-80.15.1.el8_0
  • kernel-debuginfo-common-x86_64-0:4.18.0-80.15.1.el8_0
  • kernel-devel-0:4.18.0-80.15.1.el8_0
  • kernel-doc-0:4.18.0-80.15.1.el8_0
  • kernel-headers-0:4.18.0-80.15.1.el8_0
  • kernel-modules-0:4.18.0-80.15.1.el8_0
  • kernel-modules-extra-0:4.18.0-80.15.1.el8_0
  • kernel-tools-0:4.18.0-80.15.1.el8_0
  • kernel-tools-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-tools-libs-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-core-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-devel-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-modules-0:4.18.0-80.15.1.el8_0
  • kernel-zfcpdump-modules-extra-0:4.18.0-80.15.1.el8_0
  • perf-0:4.18.0-80.15.1.el8_0
  • perf-debuginfo-0:4.18.0-80.15.1.el8_0
  • python3-perf-0:4.18.0-80.15.1.el8_0
  • python3-perf-debuginfo-0:4.18.0-80.15.1.el8_0
  • kernel-rt-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-core-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-core-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-debuginfo-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-devel-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-kvm-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-kvm-debuginfo-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-modules-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debug-modules-extra-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debuginfo-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-devel-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-kvm-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-kvm-debuginfo-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-modules-0:4.18.0-147.5.1.rt24.98.el8_1
  • kernel-rt-modules-extra-0:4.18.0-147.5.1.rt24.98.el8_1
  • bpftool-0:4.18.0-147.5.1.el8_1
  • bpftool-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-0:4.18.0-147.5.1.el8_1
  • kernel-abi-whitelists-0:4.18.0-147.5.1.el8_1
  • kernel-core-0:4.18.0-147.5.1.el8_1
  • kernel-cross-headers-0:4.18.0-147.5.1.el8_1
  • kernel-debug-0:4.18.0-147.5.1.el8_1
  • kernel-debug-core-0:4.18.0-147.5.1.el8_1
  • kernel-debug-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-debug-devel-0:4.18.0-147.5.1.el8_1
  • kernel-debug-modules-0:4.18.0-147.5.1.el8_1
  • kernel-debug-modules-extra-0:4.18.0-147.5.1.el8_1
  • kernel-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-debuginfo-common-aarch64-0:4.18.0-147.5.1.el8_1
  • kernel-debuginfo-common-ppc64le-0:4.18.0-147.5.1.el8_1
  • kernel-debuginfo-common-s390x-0:4.18.0-147.5.1.el8_1
  • kernel-debuginfo-common-x86_64-0:4.18.0-147.5.1.el8_1
  • kernel-devel-0:4.18.0-147.5.1.el8_1
  • kernel-doc-0:4.18.0-147.5.1.el8_1
  • kernel-headers-0:4.18.0-147.5.1.el8_1
  • kernel-modules-0:4.18.0-147.5.1.el8_1
  • kernel-modules-extra-0:4.18.0-147.5.1.el8_1
  • kernel-tools-0:4.18.0-147.5.1.el8_1
  • kernel-tools-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-tools-libs-0:4.18.0-147.5.1.el8_1
  • kernel-tools-libs-devel-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-core-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-debuginfo-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-devel-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-modules-0:4.18.0-147.5.1.el8_1
  • kernel-zfcpdump-modules-extra-0:4.18.0-147.5.1.el8_1
  • perf-0:4.18.0-147.5.1.el8_1
  • perf-debuginfo-0:4.18.0-147.5.1.el8_1
  • python3-perf-0:4.18.0-147.5.1.el8_1
  • python3-perf-debuginfo-0:4.18.0-147.5.1.el8_1
  • bpftool-0:3.10.0-1062.12.1.el7
  • bpftool-debuginfo-0:3.10.0-1062.12.1.el7
  • kernel-0:3.10.0-1062.12.1.el7
  • kernel-abi-whitelists-0:3.10.0-1062.12.1.el7
  • kernel-bootwrapper-0:3.10.0-1062.12.1.el7
  • kernel-debug-0:3.10.0-1062.12.1.el7
  • kernel-debug-debuginfo-0:3.10.0-1062.12.1.el7
  • kernel-debug-devel-0:3.10.0-1062.12.1.el7
  • kernel-debuginfo-0:3.10.0-1062.12.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-1062.12.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-1062.12.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-1062.12.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-1062.12.1.el7
  • kernel-devel-0:3.10.0-1062.12.1.el7
  • kernel-doc-0:3.10.0-1062.12.1.el7
  • kernel-headers-0:3.10.0-1062.12.1.el7
  • kernel-kdump-0:3.10.0-1062.12.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-1062.12.1.el7
  • kernel-kdump-devel-0:3.10.0-1062.12.1.el7
  • kernel-tools-0:3.10.0-1062.12.1.el7
  • kernel-tools-debuginfo-0:3.10.0-1062.12.1.el7
  • kernel-tools-libs-0:3.10.0-1062.12.1.el7
  • kernel-tools-libs-devel-0:3.10.0-1062.12.1.el7
  • perf-0:3.10.0-1062.12.1.el7
  • perf-debuginfo-0:3.10.0-1062.12.1.el7
  • python-perf-0:3.10.0-1062.12.1.el7
  • python-perf-debuginfo-0:3.10.0-1062.12.1.el7
  • kernel-rt-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-debug-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-debug-devel-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-debug-kvm-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-debuginfo-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-devel-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-doc-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-kvm-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-trace-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-trace-devel-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-trace-kvm-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-1062.12.1.rt56.1042.el7
  • kernel-0:3.10.0-514.73.1.el7
  • kernel-abi-whitelists-0:3.10.0-514.73.1.el7
  • kernel-bootwrapper-0:3.10.0-514.73.1.el7
  • kernel-debug-0:3.10.0-514.73.1.el7
  • kernel-debug-debuginfo-0:3.10.0-514.73.1.el7
  • kernel-debug-devel-0:3.10.0-514.73.1.el7
  • kernel-debuginfo-0:3.10.0-514.73.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.73.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.73.1.el7
  • kernel-devel-0:3.10.0-514.73.1.el7
  • kernel-doc-0:3.10.0-514.73.1.el7
  • kernel-headers-0:3.10.0-514.73.1.el7
  • kernel-tools-0:3.10.0-514.73.1.el7
  • kernel-tools-debuginfo-0:3.10.0-514.73.1.el7
  • kernel-tools-libs-0:3.10.0-514.73.1.el7
  • kernel-tools-libs-devel-0:3.10.0-514.73.1.el7
  • perf-0:3.10.0-514.73.1.el7
  • perf-debuginfo-0:3.10.0-514.73.1.el7
  • python-perf-0:3.10.0-514.73.1.el7
  • python-perf-debuginfo-0:3.10.0-514.73.1.el7
  • kernel-0:3.10.0-327.85.1.el7
  • kernel-abi-whitelists-0:3.10.0-327.85.1.el7
  • kernel-debug-0:3.10.0-327.85.1.el7
  • kernel-debug-debuginfo-0:3.10.0-327.85.1.el7
  • kernel-debug-devel-0:3.10.0-327.85.1.el7
  • kernel-debuginfo-0:3.10.0-327.85.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.85.1.el7
  • kernel-devel-0:3.10.0-327.85.1.el7
  • kernel-doc-0:3.10.0-327.85.1.el7
  • kernel-headers-0:3.10.0-327.85.1.el7
  • kernel-tools-0:3.10.0-327.85.1.el7
  • kernel-tools-debuginfo-0:3.10.0-327.85.1.el7
  • kernel-tools-libs-0:3.10.0-327.85.1.el7
  • kernel-tools-libs-devel-0:3.10.0-327.85.1.el7
  • perf-0:3.10.0-327.85.1.el7
  • perf-debuginfo-0:3.10.0-327.85.1.el7
  • python-perf-0:3.10.0-327.85.1.el7
  • python-perf-debuginfo-0:3.10.0-327.85.1.el7
  • bpftool-0:3.10.0-957.46.1.el7
  • kernel-0:3.10.0-957.46.1.el7
  • kernel-abi-whitelists-0:3.10.0-957.46.1.el7
  • kernel-bootwrapper-0:3.10.0-957.46.1.el7
  • kernel-debug-0:3.10.0-957.46.1.el7
  • kernel-debug-debuginfo-0:3.10.0-957.46.1.el7
  • kernel-debug-devel-0:3.10.0-957.46.1.el7
  • kernel-debuginfo-0:3.10.0-957.46.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.46.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.46.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.46.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.46.1.el7
  • kernel-devel-0:3.10.0-957.46.1.el7
  • kernel-doc-0:3.10.0-957.46.1.el7
  • kernel-headers-0:3.10.0-957.46.1.el7
  • kernel-kdump-0:3.10.0-957.46.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.46.1.el7
  • kernel-kdump-devel-0:3.10.0-957.46.1.el7
  • kernel-tools-0:3.10.0-957.46.1.el7
  • kernel-tools-debuginfo-0:3.10.0-957.46.1.el7
  • kernel-tools-libs-0:3.10.0-957.46.1.el7
  • kernel-tools-libs-devel-0:3.10.0-957.46.1.el7
  • perf-0:3.10.0-957.46.1.el7
  • perf-debuginfo-0:3.10.0-957.46.1.el7
  • python-perf-0:3.10.0-957.46.1.el7
  • python-perf-debuginfo-0:3.10.0-957.46.1.el7
  • kernel-0:3.10.0-862.51.1.el7
  • kernel-abi-whitelists-0:3.10.0-862.51.1.el7
  • kernel-bootwrapper-0:3.10.0-862.51.1.el7
  • kernel-debug-0:3.10.0-862.51.1.el7
  • kernel-debug-debuginfo-0:3.10.0-862.51.1.el7
  • kernel-debug-devel-0:3.10.0-862.51.1.el7
  • kernel-debuginfo-0:3.10.0-862.51.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.51.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.51.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.51.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.51.1.el7
  • kernel-devel-0:3.10.0-862.51.1.el7
  • kernel-doc-0:3.10.0-862.51.1.el7
  • kernel-headers-0:3.10.0-862.51.1.el7
  • kernel-kdump-0:3.10.0-862.51.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.51.1.el7
  • kernel-kdump-devel-0:3.10.0-862.51.1.el7
  • kernel-tools-0:3.10.0-862.51.1.el7
  • kernel-tools-debuginfo-0:3.10.0-862.51.1.el7
  • kernel-tools-libs-0:3.10.0-862.51.1.el7
  • kernel-tools-libs-devel-0:3.10.0-862.51.1.el7
  • perf-0:3.10.0-862.51.1.el7
  • perf-debuginfo-0:3.10.0-862.51.1.el7
  • python-perf-0:3.10.0-862.51.1.el7
  • python-perf-debuginfo-0:3.10.0-862.51.1.el7
  • kernel-0:3.10.0-693.65.1.el7
  • kernel-abi-whitelists-0:3.10.0-693.65.1.el7
  • kernel-bootwrapper-0:3.10.0-693.65.1.el7
  • kernel-debug-0:3.10.0-693.65.1.el7
  • kernel-debug-debuginfo-0:3.10.0-693.65.1.el7
  • kernel-debug-devel-0:3.10.0-693.65.1.el7
  • kernel-debuginfo-0:3.10.0-693.65.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.65.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.65.1.el7
  • kernel-devel-0:3.10.0-693.65.1.el7
  • kernel-doc-0:3.10.0-693.65.1.el7
  • kernel-headers-0:3.10.0-693.65.1.el7
  • kernel-tools-0:3.10.0-693.65.1.el7
  • kernel-tools-debuginfo-0:3.10.0-693.65.1.el7
  • kernel-tools-libs-0:3.10.0-693.65.1.el7
  • kernel-tools-libs-devel-0:3.10.0-693.65.1.el7
  • perf-0:3.10.0-693.65.1.el7
  • perf-debuginfo-0:3.10.0-693.65.1.el7
  • python-perf-0:3.10.0-693.65.1.el7
  • python-perf-debuginfo-0:3.10.0-693.65.1.el7
  • kernel-rt-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-debug-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-devel-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-doc-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-firmware-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-trace-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.65.1.rt56.663.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.65.1.rt56.663.el6rt

References